International Association for Cryptologic Research

International Association
for Cryptologic Research


Efficient Covert Two-Party Computation

Stanislaw Jarecki
DOI: 10.1007/978-3-319-76578-5_22
Search ePrint
Search Google
Conference: PKC 2018
Abstract: Covert computation strengthens secure computation by hiding not only participants’ inputs (up to what the protocol outputs reveal), but also the fact of computation taking place (up to the same constraint). Existing maliciously-secure covert computation protocols are orders of magnitude more costly than non-covert secure computation, and they are either non-constant round [5] or they use non-black-box simulation [10]. Moreover, constant-round covert computation with black-box simulation is impossible in the plain model [10].We show that constant-round Covert Two-Party Computation (2PC) of general functions secure against malicious adversaries is possible with black-box simulation under DDH in the Common Reference String (CRS) model, where the impossibility result of [10] does not apply. Moreover, our protocol, a covert variant of a “cut-and-choose over garbled circuits” approach to constant-round 2PC, is in the same efficiency ballpark as standard, i.e. non-covert, 2PC protocols of this type. In addition, the proposed protocol is covert under concurrent self-composition.An essential tool we use is a covert simulation-sound Conditional KEM (CKEM) for arithmetic languages in prime-order groups, which we realize in CRS or ROM at costs which are either the same (in ROM) or very close (in CRS) to known HVZK’s for such languages.
  title={Efficient Covert Two-Party Computation},
  booktitle={Public-Key Cryptography – PKC 2018},
  series={Public-Key Cryptography – PKC 2018},
  author={Stanislaw Jarecki},